Problem Description
Disclaimer: Not asking for help here, the issue has been more or less resolved, already. Posting for future reference in case anyone (or my later self) comes looking.
Tl;dr:
- Hardware migration from raspi2 => raspi4, both running bookworm, all updates installed, both on FBX 23.6.2
- raspi2 was installed from the official raspi FBX image and has been running fine for 4+ years
- raspi4 was installed via apt on a vanilla bookworm setup, clean slate
- Backups for
tt-rssand other services were made using the system > backups app in plinth - Restoring
tt-rssfrom backup fails (details below) but I was somehow able to salvage it- Error message is “FATAL: password authentication failed for user “ttrss”” when trying to access the app
Related threads are:
True for both instances mentioned above: “You are running Debian GNU/Linux 12 (bookworm) and FreedomBox version 23.6.2. FreedomBox is up to date.”
Steps to Reproduce
In my case:
- Backup
tt-rsson a FBX 23.6.2 - Restore this backup (selecting only
tt-rssduring the wizard) on a different, vanilla FBX 23.6.2 - During restoration, the
tt-rssapp will be installed, but setup fails with below error (see ‘actual’).
Expected Results
Successful restore of my tt-rss setup with feed subscriptions, settings, starred articles etc.
Actual results
During installation and setup of the tt-rss app this error occurs:
Detailed error message from `journalctl -xe`
Jan 24 20:09:22 fbox update.php[8788]: PHP Warning: require_once(config.php): Failed to open stream: Permission denied in /usr/share/tt-rss/www/include/functions.php on line 40
Jan 24 20:09:22 fbox update.php[8788]: PHP Fatal error: Uncaught Error: Failed opening required 'config.php' (include_path='/usr/share/tt-rss/www/include:.:/usr/share/php') in /usr/share/tt-rss/www/include/functions.php:40
Jan 24 20:09:22 fbox update.php[8788]: Stack trace:
Jan 24 20:09:22 fbox update.php[8788]: #0 /usr/share/tt-rss/www/include/autoload.php(2): require_once()
Jan 24 20:09:22 fbox update.php[8788]: #1 /usr/share/tt-rss/www/update.php(10): require_once('...')
Jan 24 20:09:22 fbox update.php[8788]: #2 {main}
Jan 24 20:09:22 fbox update.php[8788]: thrown in /usr/share/tt-rss/www/include/functions.php on line 40
Jan 24 20:09:22 fbox systemd[1]: tt-rss.service: Main process exited, code=exited, status=255/EXCEPTION
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit tt-rss.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 255.
Jan 24 20:09:22 fbox systemd[1]: tt-rss.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit tt-rss.service has entered the 'failed' state with result 'exit-code'.
Jan 24 20:09:22 fbox sudo[8637]: pam_unix(sudo:session): session closed for user root
Jan 24 20:09:22 fbox /usr/bin/plinth[820]: # ttrss..enable_api_access(…)
Jan 24 20:09:22 fbox sudo[8792]: plinth : PWD=/ ; USER=root ; COMMAND=/usr/share/plinth/actions/actions ttrss enable_api_access --write-fd 18
Jan 24 20:09:22 fbox sudo[8792]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=112)
Jan 24 20:09:24 fbox /usr/share/plinth/actions/actions[8794]: Error executing action: connection to server at "localhost" (::1), port 5432 failed: FATAL: password authentication failed for user "ttrss"
connection to server at "localhost" (::1), port 5432 failed: FATAL: password authentication failed for user "ttrss"
Traceback (most recent call last):
File "/usr/share/plinth/actions/actions", line 92, in _call
return_values = func(*arguments['args'], **arguments['kwargs'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/plinth/modules/ttrss/privileged.py", line 100, in enable_api_access
connection = psycopg2.connect(database=database, user=user,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/psycopg2/__init__.py", line 122, in connect
conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
psycopg2.OperationalError: connection to server at "localhost" (::1), port 5432 failed: FATAL: password authentication failed for user "ttrss"
connection to server at "localhost" (::1), port 5432 failed: FATAL: password authentication failed for user "ttrss"
Jan 24 20:09:24 fbox sudo[8792]: pam_unix(sudo:session): session closed for user root
Most salient details in this log excerpt:
- The error is happening during step
/usr/share/plinth/actions/actions ttrss enable_api_access --write-fd 18 - The error visible at the end is
FATAL: password authentication failed for user "ttrss" - However the root cause seems to be (at the top of the log):
PHP Warning: require_once(config.php): Failed to open stream: Permission denied in /usr/share/tt-rss/www/include/functions.php on line 40
Further analysis
I follow through the mentioned files and verified that the DB credentials had been set up correctly:
- The credentials are defined in
/etc/dbconfig-common/tt-rss.conf. - From this source
/etc/tt-rss/database.phpis generated. - I verified I can log on to postgres using these credentials successfully:
$ psql -d ttrss -U ttrss -h localhost -p 5432 -W
Password:
psql (15.5 (Debian 15.5-0+deb12u1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
Type "help" for help.
ttrss=>
File permissions for the config files are:
/etc/tt-rss $ ls -l
total 24
-rw-r--r-- 1 root root 75 Nov 20 2022 apache.conf
-rw-r--r-- 1 root root 289 Nov 20 2022 avahi.service
-rw-r--r-- 1 root root 6938 Jan 25 10:15 config.php
-rw-r----- 1 root www-data 509 Jan 24 20:18 database.php
-rw-r--r-- 1 root root 98 Nov 20 2022 lighttpd.conf
The folder /etc/tt-rss/ itself is 755, owned by root.
I am not 100% sure I am looking in the right place, though. The action enable_api_access that has been triggered from the setup procedure could well use different credentials to tweak settings in postgres’ meta schemas?
Anyway, the result was a broken installation of tt-rss with this interim state:
- plinth shows
tt-rssas installed, however removing it is not possible anymore. tt-rssis not working, resulting in “FATAL: password authentication failed for user “ttrss”” when trying to access it.
Salvaging the installation
I was able to get tt-rss up and running (albeit without restored data, just re-imported my OPML instead) with the following steps:
- Remove and purge
tt-rssfrom the console:sudo apt remove --purge tt-rss- Made sure to also purge the DB schema and data completely when asked
- Reinstall using apt instead of plinth:
sudo apt install tt-rss, and during the installation do the following:- Set up a new, empty DB schema from the wizard
- Set the canonical self URL (the full path for the
tt-rssinstallation, e. g. “https://box.example.com/tt-rss/”) - Choose to auto-configure apache2 (as provided by FBX)
- Afterwards I was able to access
tt-rssthrought the usual URL, however it defaults to its own login (default credentials are “admin” / “password”), so I went back to its config in/etc/tt-rss/config.phpand changeddefine('PLUGINS', 'auth_internal, note');todefine('PLUGINS', 'auth_remote, note');tt-rssautomatically picked up SSO via plinth this way
- Last step was to import my backed up OPML file with feed subscriptions and tweak my usual settings in the UI to my linking.
The result is:
- Plinth shows
tt-rssto be installed. Link tott-rssand SSO work as intended. tt-rssitself is usable and has my feeds again- I’m fine with data loss here, it may be inconvenient but how often do I really come back to my starred entries…? *shrug
I am summarizing this here not as a support case, but as minutes of my fix, so hopefully it may help others if they ever encounter this issue.
Closing words: Aside from this minor nuisance, the whole backup/migrate/restore procedure went super smoothly and I am very grateful to everybody who has contributed to making it this stable. Moving gitweb, syncthing (settings only), samba etc. all went without any issues. Thanks a lot!
Cheers,
Axel
